Implementation of a simple authentication service + in connector in route to making HGInventory (client access) work in standalone again. This is the refactoring of what was/is there, but done in the new model. Not complete yet, but key authentication works. It should be enough to make HGInventory work again soon.

1 files changed, 172 insertions, 9 deletions

diff --git a/OpenSim/Services/AuthenticationService/AuthenticationService.cs b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
index 3eaa03d..6eaf0b0 100644
--- a/OpenSim/Services/AuthenticationService/AuthenticationService.cs
+++ b/OpenSim/Services/AuthenticationService/AuthenticationService.cs
@@ -26,6 +26,7 @@
  */
 
 using System;
+using System.Collections.Generic;
 using System.Reflection;
 using Nini.Config;
 using log4net;
@@ -37,34 +38,196 @@ using OpenMetaverse;
 
 namespace OpenSim.Services.AuthenticationService
 {
-    public class AuthenticationService : ServiceBase, IAuthenticationService
+    /// <summary>
+    /// Simple authentication service implementation dealing only with users.
+    /// It uses the user DB directly to access user information.
+    /// It takes two config vars:
+    /// - Authenticate = {true|false} : to do or not to do authentication
+    /// - Authority = string like "osgrid.org" : this identity authority
+    ///               that will be called back for identity verification
+    /// </summary>
+    public class HGAuthenticationService : ServiceBase, IAuthenticationService
     {
-        public AuthenticationService(IConfigSource config) : base(config)
+        private static readonly ILog m_log
+            = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
+
+        protected IUserDataPlugin m_Database;
+        protected string m_AuthorityURL;
+        protected bool m_PerformAuthentication;
+        protected Dictionary<UUID, List<string>> m_UserKeys = new Dictionary<UUID, List<string>>();
+
+
+        public HGAuthenticationService(IConfigSource config) : base(config)
         {
+            string dllName = String.Empty;
+            string connString = String.Empty;
+
+            //
+            // Try reading the [DatabaseService] section first, if it exists
+            //
+            IConfig dbConfig = config.Configs["DatabaseService"];
+            if (dbConfig != null)
+            {
+                dllName = dbConfig.GetString("StorageProvider", String.Empty);
+                connString = dbConfig.GetString("ConnectionString", String.Empty);
+            }
+
+            //
+            // Try reading the more specific [InventoryService] section, if it exists
+            //
+            IConfig authConfig = config.Configs["AuthenticationService"];
+            if (authConfig != null)
+            {
+                dllName = authConfig.GetString("StorageProvider", dllName);
+                connString = authConfig.GetString("ConnectionString", connString);
+
+                m_PerformAuthentication = authConfig.GetBoolean("Authenticate", true);
+                m_AuthorityURL = "http://" + authConfig.GetString("Authority", "localhost");
+            }
+
+            //
+            // We tried, but this doesn't exist. We can't proceed.
+            //
+            if (dllName.Equals(String.Empty))
+                throw new Exception("No InventoryService configuration");
+
+            m_Database = LoadPlugin<IUserDataPlugin>(dllName);
+            if (m_Database == null)
+                throw new Exception("Could not find a storage interface in the given module");
+
+            m_Database.Initialise(connString);
+        } 
+
+        /// <summary>
+        /// This implementation only authenticates users.
+        /// </summary>
+        /// <param name="principalID"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        public bool Authenticate(UUID principalID, string password)
+        {
+            if (!m_PerformAuthentication)
+                return true;
+
+            UserProfileData profile = m_Database.GetUserByUUID(principalID);
+            bool passwordSuccess = false;
+            m_log.InfoFormat("[AUTH]: Authenticating {0} {1} ({2})", profile.FirstName, profile.SurName, profile.ID);
+
+            // we do this to get our hash in a form that the server password code can consume
+            // when the web-login-form submits the password in the clear (supposed to be over SSL!)
+            if (!password.StartsWith("$1$"))
+                password = "$1$" + Util.Md5Hash(password);
+
+            password = password.Remove(0, 3); //remove $1$
+
+            string s = Util.Md5Hash(password + ":" + profile.PasswordSalt);
+            // Testing...
+            //m_log.Info("[LOGIN]: SubHash:" + s + " userprofile:" + profile.passwordHash);
+            //m_log.Info("[LOGIN]: userprofile:" + profile.passwordHash + " SubCT:" + password);
+
+            passwordSuccess = (profile.PasswordHash.Equals(s.ToString(), StringComparison.InvariantCultureIgnoreCase)
+                               || profile.PasswordHash.Equals(password, StringComparison.InvariantCultureIgnoreCase));
+
+            return passwordSuccess;
         }
 
-        public UUID AllocateUserSession(UUID userID)
+        /// <summary>
+        /// This generates authorization keys in the form
+        /// http://authority/uuid
+        /// after verifying that the caller is, indeed, authorized to request a key
+        /// </summary>
+        /// <param name="userID">The principal ID requesting the new key</param>
+        /// <param name="authToken">The original authorization token for that principal, obtained during login</param>
+        /// <returns></returns>
+        public string GetKey(UUID principalID, string authToken)
         {
-            return UUID.Zero;
+            UserProfileData profile = m_Database.GetUserByUUID(principalID);
+            string newKey = string.Empty;
+
+            if (profile != null)
+            {
+                m_log.DebugFormat("[AUTH]: stored auth token is {0}. Given token is {1}", profile.WebLoginKey.ToString(), authToken);
+                // I'm overloading webloginkey for this, so that no changes are needed in the DB
+                // The uses of webloginkey are fairly mutually exclusive
+                if (profile.WebLoginKey.ToString().Equals(authToken))
+                {
+                    newKey = UUID.Random().ToString();
+                    List<string> keys;
+                    lock (m_UserKeys)
+                    {
+                        if (m_UserKeys.ContainsKey(principalID))
+                        {
+                            keys = m_UserKeys[principalID];
+                        }
+                        else
+                        {
+                            keys = new List<string>();
+                            m_UserKeys.Add(principalID, keys);
+                        }
+                        keys.Add(newKey);
+                    }
+                    m_log.InfoFormat("[AUTH]: Successfully generated new auth key for {0}", principalID);
+                }
+                else
+                    m_log.Warn("[AUTH]: Unauthorized key generation request. Denying new key.");
+            }
+            else
+                m_log.Warn("[AUTH]: Principal not found.");
+
+            return m_AuthorityURL + newKey;
         }
 
-        public string GetUserKey(UUID userID, string authToken)
+        /// <summary>
+        /// This verifies the uuid portion of the key given out by GenerateKey
+        /// </summary>
+        /// <param name="userID"></param>
+        /// <param name="key"></param>
+        /// <returns></returns>
+        public bool VerifyKey(UUID userID, string key)
         {
-            return String.Empty;
+            lock (m_UserKeys)
+            {
+                if (m_UserKeys.ContainsKey(userID))
+                {
+                    List<string> keys = m_UserKeys[userID];
+                    if (keys.Contains(key))
+                    {
+                        // Keys are one-time only, so remove it
+                        keys.Remove(key);
+                        return true;
+                    }
+                    return false;
+                }
+                else
+                    return false;
+            }
         }
 
-        public bool VerifyUserKey(UUID userID, string key)
+        public UUID AllocateUserSession(UUID userID)
         {
-            return false;
+            // Not implemented yet
+            return UUID.Zero;
         }
 
-        public bool VerifyUserSession(UUID userID, UUID session)
+        public bool VerifyUserSession(UUID userID, UUID sessionID)
         {
+            UserProfileData userProfile = m_Database.GetUserByUUID(userID);
+
+            if (userProfile != null && userProfile.CurrentAgent != null)
+            {
+                m_log.DebugFormat("[AUTH]: Verifying session {0} for {1}; current  session {2}", sessionID, userID, userProfile.CurrentAgent.SessionID);
+                if (userProfile.CurrentAgent.SessionID == sessionID)
+                {
+                    return true;
+                }
+            }
+
             return false;
         }
 
         public void DestroyUserSession(UUID userID)
         {
+            // Not implemented yet
         }
     }
 }